sudo by default?

Lennart Poettering mzerqung at 0pointer.de
Tue May 4 21:36:54 UTC 2010 

On Tue, 04.05.10 14:07, Jesse Keating (jkeating at redhat.com) wrote:

> On Tue, 2010-05-04 at 16:56 -0400, William Jon McCann wrote:
> > Hey,
> > 
> > So what is our view of setting up sudo by default for standalone
> > systems?  Probably has some relationship with the systems on which we
> > prevent root logins.
> > 
> > It is worth noting that many of us have to set up ourselves each time
> > we install Fedora.  Might be nice if something like it was done by
> > default.
> > 
> > Is sudo the right answer or should we be thinking about pkexec?  Thoughts?
> > 
> > Thanks,
> > Jon
> 
> I like sudo, it is a more traditional tool than pkexec.  While it does
> remove the need from having to know the root password, it doesn't
> obviate the need for a root user who has all the fun.  Sudo would just
> get you access to some/all of it.
> 
> That said, I think it would be useful in our new user creation that if
> we said that this user is the local admin (for whatever that does to
> your policykit settings) we also grant them sudo access.  Probably the
> best way to deal with this is not to munge the /etc/sudoers file, but
> instead ship a config file that allows for a certain group or pk role to
> have sudo rights, and then when we create the user(s) we either add them
> to that group or role or not.  That way they can pick up sudo rights
> without us having to modify the rpm shipped config file.  But now I'm
> off in implementation land...

the default sudoers already contains a commented line that makes sudo
work for the venerable wheel group that way. I'd suggest simply enabling
that, as it is the path of least surprise to most, I'd guess.

BTW: another reason to enable sudo by default is to unify things a
little across distributions: to my knowledge Ubuntu (and related
distros) set up sudo like that. It would be nice if folks coming from
their would have an easy path to administrating Fedora systems.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the desktop mailing list